Salt peppered with holes? Automation tool vulnerable to auth bypass: Patch now
'The impact is full remote command execution as root on both master and all minions'
The Salt configuration tool has patched two vulnerabilities whose combined effect was to expose Salt installations to complete control by an attacker. A patch for the issues was released last night, but systems that are not set to auto-update may still be vulnerable....